Ajay: When the sensor sees events which could be using a spoofed source IP, it will record it as 0.0.0.0. In general you could say that anything that does not require two-way communication can be spoofed. I hope this help. Regards Eduardo
----- Original Message ----- From: "Ajay Dand" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, April 29, 2004 11:54 PM Subject: [ISSForum] [Newbie] All 0's in the source IP > Hi, > > I am not sure if this question has been asked a number of times before. > However, I have recently joined this forum, and I am still unable to > figure out this one. On a regular basis, I keep seeing quite a few > events in my SiteProtector with source IP as 0.0.0.0. I would like to > know how do I determine the real IP address of the event, and also how > can I filter packets with this kind of IP at the router. Any help would > be appreciated. Thanks in advance. > > Thanks & regards, > > Ajay Dand > _______________________________________________ > ISSForum mailing list > [EMAIL PROTECTED] > > TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum > > To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] > > The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328. _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
